package cn.tedu.baidashi.security;


import cn.tedu.baidashi.service.Impl.UserDetailsServiceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

//当前类是spring-Security的一个配置类,继承自网络安全适配器接口 WebSecurityConfigureAdapter(WSCA)
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    //装配UserDetailsServiceImpl 用于获取根据用户名查到的用户对象及权限
    @Autowired
    private UserDetailsServiceImpl userDetailsService;

    //重写 授权配置 configure 方法 参数为UserDetails类型
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.userDetailsService(userDetailsService);
    }

    //设置页面访问权限
    @Override
    protected void configure(HttpSecurity http) throws Exception {
            http.csrf().disable()
                    .authorizeRequests()
                    .antMatchers(
                            "/bootstrap/**",
                            "/bower_components/**",
                            "/js/**",
                            "/css/**",
                            "/image/**",
                            "/images/**",
                            "/my/**",
                            "/npm/**",
                            "/summernote/**",
                            "/login.html",
                            "/register.html",//
                            "/index.html",
                            "/series.html"
                                                //还需要放行详情页
                    ).permitAll()//放行上面资源,不需要登录
                    .anyRequest()//对其他资源的请求
                    .authenticated()  //需要登录才能访问
                    .and()  //上面配置完毕
                    .formLogin()   //配置表单登录
                    .loginPage("/login.html") //配置登录页路径
                    .loginProcessingUrl("/login")//表单提交登录页信息的路径
                    .failureUrl("/login.html?error")//登录失败时访问的路径
                    .defaultSuccessUrl("/guest_index.html")//登录成功后的页面
                    .and()//登录配置完毕
                    .logout()
                    .logoutUrl("/logout")
                    .logoutSuccessUrl("/login.html");//登出成功后显示的页面
    }
}
